Operation Choke Point: Dead or Alive, It Can’t Be Ignored

Although the Operation Choke Point initiative came into effect over two years ago and the financial industry has taken many measures to respond, the high degree of uncertainty for banks, Third Party Payment Processors (TPPPs) and Third Party Senders (TPSs) continues to plague the industry as seen in recent headlines from CommerceWest Bank and Plaza Bank, with settlements totaling over $6 million. This atmosphere of uncertainty was apparent in a session titled “Payroll Processors & Operation Choke Point” at last week’s PAYMENTS 2015 Conference in New Orleans, where attendees expressed their challenges with the current environment.

As an attendee from a Financial Institution (FI) stated, “One regulator told us that Operation Choke Point is an urban legend, while another told us that it’s definitely real and you have to do what we say. It also doesn’t help that the guidance for Operation Choke Point is all over the place.” To make matters worse, the lists used by the different players to provide Know Your Customer (KYC) information to their FI or regulator, such as the Prohibited Industries list, are inconsistent from organization to organization, causing information gaps and added angst.

Presenters Michelle Fantanza, operations & support manager from PAYCHEX, Inc .and Alex Romeo, vice president — EPN product manager at The Clearing House Payments Company L.L.C., explained that the impact of Operation Choke Point has been:

Multiple regulating agencies issuing “guidelines”

Varied interpretation of these guidelines by Financial Institutions and Regulators

Increased costs to support KYC

Increased costs to small businesses and competitive pressures

Another outcome from Operation Choke Point was the de-risking of merchant, TPPP and TPS relationships. While some of this de-risking may have been warranted, legitimate businesses have suffered from this trend. Both FinCen and the FDIC have since clarified their guidance where they recommend taking a risk-based approach, where client risk is managed on a case-by-case basis.

In the midst of all of this uncertainty and added pressure, the session presenters offered KYC best practices and frameworks that they have implemented in their organizations to help them build strong relationships with their FI partners, as well as improve the outcome of their audits. These best practices can be leveraged by commercial banks as well as Third Party Payment Processors and Third Party Senders:

Establish thorough reviews at client onboarding and make informed risk decisions. The session presenters provided guidance consistent with this approach by recommending the following steps for merchant onboarding:

Due Diligence: This includes client authentication, account origination review and a credit review.

Enhanced Due Diligence and Special Enhanced Due Diligence:This includes watch list screening and OFAC checks.

Monitor your portfolio on an ongoing basis. According to presenter Alex Romeo, “Risk management doesn’t end once you’ve onboarded your customer, it has just begun. You need to have ongoing monitoring to detect nuances in their business.” Regular and consistent monitoring of your portfolio can help detect critical changes that you can then proactively address before your next audit.

Educate your employees on your fraud prevention practices. As Michelle explained, PAYCHEX has trained employees outside of risk management on key risk factors to look for. With more people in their organization trained to think like risk managers, PAYCHEX is optimizing their internal resources to meet KYC requirements.

Create sound operational processes and partnerships. PAYCHEX does this with regular communications, quarterly meetings and sharing of best practices with their FIs. They keep their fingers on the pulse of current regulations through these regular communications to not only better position themselves when they are audited, but to keep an open dialogue with their FIs and enhance their relationships.

Leverage industry resources. Consortia and industry groups such as NACHA and the TPPPA provide valuable guidance, training and expertise to help navigate KYC and other important industry issues.

Report fraud. PAYCHEX recommends reporting acts of fraud to a fraud hotline to help weed out bad actors and prevent them from committing additional fraud.

Conduct annual ACH audits. This is mandated by NACHA and “should be performed under the direction of the audit committee, audit manager, senior level officer, or an independent (external) examiner or auditor of the Participating DFI or Third-Party Service Provider.”

While this may seem like a lot of steps to implement, your FI will be much better positioned for long term success with a comprehensive due diligence and ongoing monitoring program of your business portfolio.

At G2, we provide due diligence and monitoring tools to help you better know your customers both at onboarding and on an ongoing basis. Our due diligence tools include screenings for multiple risk factors, including fraud, compliance violations and appearance on industry watch lists. We have the most comprehensive list of businesses with past violations in the industry, along with billions of data points that we have collected over the past 11 years that pinpoint relationships to past fraud and compliance violations and predict the likelihood of future problems. In addition, we offer ongoing monitoring solutions to alert you of important changes in your portfolio that allow you to act on them before they damage your business.

Our solutions — based on the merchant intelligence described above — allow you to both identify business relationships that warrant termination, while at the same time review businesses on a case-by-case basis to determine which relationships to keep. This helps you to decrease your overall risk while at the same time retain and grow your sources of revenue.

There may be doubts as to the status of Operation Choke Point, but the effects are real.